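<?php
session_save_path('sessions');
session_start();

// Connection to our database
include("include/dbconnection.php");

include("include/createUserFunctions.php");

/**
 * Read one submitted form field and escape it for use inside a quoted SQL literal.
 *
 * Missing or empty() fields yield $default instead of an "undefined index"
 * notice; empty() is kept on purpose so the optional-field behaviour of the
 * original form handler is unchanged.
 *
 * @param string $key     Name of the $_POST field.
 * @param string $default Value returned when the field is absent or empty.
 * @return string Escaped field value, or $default.
 */
function readPostField($key, $default = '')
{
    if (empty($_POST[$key])) {
        return $default;
    }
    return mysql_real_escape_string($_POST[$key]);
}

/**
 * Send the browser to $location and stop executing.
 *
 * header() does not halt the script: without the exit, the code after a
 * redirect (here: creating the user) would still run.
 *
 * @param string $location Relative target, e.g. 'register.php'.
 */
function redirectAndExit($location)
{
    header("location:" . $location);
    exit;
}

/**
 * Count users whose $column equals $escapedValue exactly.
 *
 * Uses '=' rather than LIKE so that '%' and '_' in the submitted value are
 * compared literally instead of acting as wildcards. A failed query is logged
 * and counted as zero matches, which is what the original code did implicitly.
 *
 * @param string $column       Column name taken from the $TABLE_USERS_* config.
 * @param string $escapedValue Value already passed through mysql_real_escape_string().
 * @return int Number of matching rows.
 */
function countUsersWhere($column, $escapedValue)
{
    global $TABLE_USERS;
    $resultSet = mysql_query("SELECT 1 FROM $TABLE_USERS WHERE $column = '$escapedValue'");
    if ($resultSet === false) {
        error_log("countUsersWhere: query failed for column $column");
        return 0;
    }
    return (int) mysql_num_rows($resultSet);
}

/**
 * Derive a username not yet present in the users table.
 *
 * While the candidate is taken, a growing prefix of the candidate is appended
 * (e.g. johndoe -> johndoej -> johndoejo), as in the original handler. If the
 * prefix is empty (blank base name) a counter is appended instead so the loop
 * cannot spin forever.
 *
 * @param string $base Lowercased, space-stripped, SQL-escaped starting name.
 * @return string A username with no exact match in the users table.
 */
function uniqueUserName($base)
{
    global $TABLE_USERS_USERNAME;
    $candidate = $base;
    $prefixLen = 1;
    while (countUsersWhere($TABLE_USERS_USERNAME, $candidate) > 0) {
        $suffix = substr($candidate, 0, $prefixLen);
        if ($suffix === '' || $suffix === false) {
            $suffix = (string) $prefixLen;
        }
        $candidate .= $suffix;
        $prefixLen++;
    }
    return $candidate;
}

/**
 * Gather the fields shared by the registered and financial user forms.
 *
 * @return array Positional arguments for createRegisteredUser() and
 *               createFinancialUser(), in order, excluding the leading user id.
 */
function readPersonalDetails()
{
    return array(
        readPostField('name'),
        readPostField('address'),
        readPostField('phoneNumLand'),
        readPostField('phoneNumCell'),
        readPostField('occupation'),
        readPostField('employer'),
        readPostField('employerAddress'),
        // NOTE(review): an unsalted fast hash of a 16-digit card number or a
        // 3-4 digit code does not protect it (the input space is small enough
        // to enumerate) and the digest cannot be used to charge the card, so
        // storing it has cost but no benefit. Kept only because the existing
        // schema and createUserFunctions expect these columns; a data-retention
        // review should decide whether they belong in the database at all.
        sha1(readPostField('ccNumber')),
        sha1(readPostField('ccCode')),
        sha1(readPostField('mothersMaidenName')),
    );
}

// Only a submitted form is handled here; anything else goes back to the index.
if (!isset($_POST['Submit'])) {
    redirectAndExit('index.php');
}

// NOTE(review): the handler checks only that the form was posted; there is no
// CSRF token tied to the session, so a cross-site POST is accepted as well.

// Types this registration form may create. Any other value would fall through
// the switch below and leave a basic user row with no type-specific details,
// so reject it up front. Values are compared as strings because the
// $TABLE_USERTYPE_* constants come from the included config (type unknown here).
$allowedUserTypes = array_map('strval', array(
    $TABLE_USERTYPE_TYPEREGISTERED,
    $TABLE_USERTYPE_TYPEFINANCIAL,
    $TABLE_USERTYPE_TYPEBUSINESS,
));
$userType = readPostField('userType');
if (!in_array($userType, $allowedUserTypes, true)) {
    $_SESSION['userTypeInvalid'] = "Unknown user type, please try again.";
    redirectAndExit('register.php');
}

// Username is the real name with spaces removed, lowercased. Lowercasing
// happens before the duplicate check so the compared and stored values agree.
$baseName = strtolower(str_replace(' ', '', readPostField('name')));
$userName = uniqueUserName($baseName);

// A duplicate email address sends the user back with an error message.
$email = readPostField('email');
if (countUsersWhere($TABLE_USERS_EMAILADDRESS, $email) > 0) {
    $_SESSION['emailExists'] = "This email address has already been used, please try again.";
    redirectAndExit('register.php');
}

// Cleanup and SHA1 hash the password.
/* Never EVER save the actual password text.
 * Message to Dr. Desai: Emailing me my password in the CrsMgr emails is a BIG no no.
 */
// NOTE(review): the password is SQL-escaped *before* hashing, so the stored
// digest depends on that transform and the login check must apply the same
// one. Unsalted SHA-1 is not an acceptable password hash; moving to
// password_hash()/password_verify() means changing the login code and the
// stored digests together, which is outside this file.
$password = sha1(readPostField('password'));

// All checks passed, create the basic user
createBasicUser($userType, $userName, $password, $email);

// Get the userID that was assigned to us in the basic user creation.
// The column name comes from the same config as the duplicate check above.
$userIdQuery = "SELECT u.$TABLE_USERS_USERID FROM $TABLE_USERS u WHERE u.$TABLE_USERS_USERNAME = '$userName'";
$resultSet = mysql_query($userIdQuery);
$result = ($resultSet === false) ? false : mysql_fetch_array($resultSet);
if ($result === false) {
    // Without the id the type-specific row cannot be linked; do not report success.
    error_log("createUser: could not read back user id for '$userName'");
    redirectAndExit('index.php');
}
$userId = $result[$TABLE_USERS_USERID];

// Create the rest of the user based on the specific user type given.
switch ($userType) {

    case $TABLE_USERTYPE_TYPEREGISTERED:
        $arguments = readPersonalDetails();
        array_unshift($arguments, $userId);
        // call_user_func_array keeps this runnable on the PHP 5.x line the
        // mysql_* calls imply (argument unpacking needs 5.6+).
        call_user_func_array('createRegisteredUser', $arguments);
        break;

    case $TABLE_USERTYPE_TYPEFINANCIAL:
        $arguments = readPersonalDetails();
        array_unshift($arguments, $userId);
        call_user_func_array('createFinancialUser', $arguments);
        break;

    case $TABLE_USERTYPE_TYPEBUSINESS:
        // Get form elements from the business details form
        $companyName = readPostField('companyName');
        $businessCharter = readPostField('businessCharter');
        $contactName = readPostField('contactName');
        $contactPhoneLand = readPostField('contactPhoneLand');
        // NOTE(review): "NULL" here is a PHP string; whether it becomes an SQL
        // NULL or the literal text 'NULL' depends on how createBusinessUser
        // quotes it — confirm against include/createUserFunctions.php.
        $contactPhoneMobile = readPostField('contactPhoneMobile', "NULL");
        $contactPhoneFax = readPostField('contactPhoneFax', "NULL");
        $contactPosition = readPostField('contactPosition');
        $contactEmail = readPostField('contactEmail');
        $companyAddress = readPostField('companyAddress');
        $companyCity = readPostField('companyCity');
        $companyState = readPostField('companyState');
        $companyPostalCode = readPostField('companyPostalCode');
        $companyCountry = readPostField('companyCountry');
        $companyEmail = readPostField('companyEmail');
        $preferredIndustry = readPostField('preferredIndustry');

        // Create the business user
        createBusinessUser($userId, $companyName, $businessCharter,
                $contactName, $contactPhoneLand, $contactPhoneMobile,
                $contactPhoneFax, $contactPosition, $contactEmail,
                $companyAddress, $companyCity, $companyState,
                $companyPostalCode, $companyCountry, $companyEmail, $preferredIndustry);
        break;

} // End of switch($userType)

// Success message
$_SESSION['creationConfirmed'] = "Your user has been successfully created. Your username is $userName. Please wait until the administrator confirms your account.";

// Go back to index
redirectAndExit('index.php');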